export async function callProtected(endpoint: string) {
  const token = sessionStorage.getItem('access_token');
  if (!token) throw new Error('No access token');

  const res = await fetch(endpoint, {
    headers: {
      Authorization: `Bearer ${token}`,
    },
  });

  if (res.status === 401) {
    // 过期了，做刷新或重新登录
    throw new Error('Unauthorized');
  }

  return res.json();
}
